Metadata-Version: 2.4
Name: mongo-oidc-human-callback
Version: 0.1.3
Summary: OIDC Human Callback for MongoDB: browser-based OAuth 2.0 Authorization Code Flow with PKCE (Azure AD and other OIDC providers).
Project-URL: Repository, https://github.com/mreouven/mongo-oidc-human-callback
Project-URL: Documentation, https://github.com/mreouven/mongo-oidc-human-callback#readme
Author: Reouven Mimoun
License-Expression: MIT
License-File: LICENSE
Keywords: atlas,authentication,azure-ad,mongodb,oauth2,oidc,pkce
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Database
Requires-Python: >=3.10
Requires-Dist: pymongo>=4.14
Description-Content-Type: text/markdown

# mongo-oidc-human-callback

OIDC Human Callback for MongoDB Atlas authentication: OAuth 2.0 Authorization Code flow with PKCE (Azure AD and other OIDC providers).

**Single dependency**: `pymongo` (stdlib for the rest: `urllib`, `logging`, `http.server`, etc.).

## Installation

```bash
pip install mongo-oidc-human-callback
```

## Usage

```python
from pymongo import MongoClient
from mongo_oidc_human_callback import OIDCHumanCallback

# Connect with human callback (browser opens + PKCE)
client = MongoClient(
    "mongodb+srv://<cluster>.mongodb.net/",
    authMechanism="MONGODB-OIDC",
    authMechanismProperties={"OIDC_CALLBACK": OIDCHumanCallback()},
)
# First access: browser opens to sign in (e.g. Azure AD)
client.admin.command("ping")
```

### Callback options

```python
OIDCHumanCallback(
    redirect_path="redirect",  # or "callback" depending on Azure AD config
    port=27097,                # local callback server port
)
```

## Features

- **PKCE** (Proof Key for Code Exchange)
- **Token caching** to avoid re-authenticating on each connection
- **Local HTTP server** to receive the OAuth redirect
- **Automatic browser opening**
- **Azure AD compatibility** (endpoints `/oauth2/v2.0/authorize` and `/oauth2/v2.0/token`)

## Azure AD configuration

In the Azure portal, for your app registration:

1. **Authentication** → Redirect URI: `http://localhost:27097/redirect` (or the `port`/`redirect_path` you use).
2. **API permissions** → Microsoft Graph (or target API): e.g. `openid`, `profile`, `email`.
